May 24, 2008

Blog Alert

Computer users have been warned not to click on unsolicited spammed emails on news reports about the earthquakes in China as they have been exploited to launch Trojan horse or malicious code.

Information technology security and control firm, Sophos, which discovered the scam said today this was just the latest in a number of tricks that cyber criminals had been exploiting since the recent disasters in China and Myanmar.

In a statement here, Sophos said while many users were aware of phishing emails and therefore would not respond, this attack downloaded malicious code onto the user’s computer without them even noticing.

Hackers could then use it to steal sensitive and confidential information for financial gain and to commit identity theft, Sophos said.

Samples intercepted by SophosLabs, Sophos’s global network of virus, spyware and spam analysis centres, showed that the Trojan horse (known as Troj/MalDoc-Fam) arrived in a user’s inbox as a news report which enticed innocent victims to click on the attached word document and read the latest about the tragedy.

However, when the Word document attached is opened, it triggered an exploit which downloaded further malicious software onto the user’s computer. Sophos advised computer users to avoid falling victim by not opening emails from unknown e-mailers.